So unfortunately I've managed to get myself a virus that redirects me when I visit sites on Google Chrome. I've tried nearly everything in removing this thing, and it always comes back. I haven't installed anything recently. I got the virus by clicking on a link accidentally, and a pop-up appeared and it was too late, the virus had already downloaded. Since then, I keep getting redirects to more malicious software when I click on sites that I visit often.

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.

Double-click on the downloaded file. OK the self-extracting prompt.

MBAR will start. Click "Next" to continue.

Click in the following screen "Update" to obtain the latest malware definitions.

Once the update is complete select "Next" and click "Scan".

When the scan is finished and no malware has been found select "Exit".

If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.

Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:

"mbar-log-{date} (xx-xx-xx).txt"

"system-log.txt"

NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop. There are 2 different versions. If one of them won't run, then download and try to run the other one. You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log. Post it in your next reply.

NOTE. The rKill.txt log will also be present on your desktop.

NOTE

Do NOT wrap your logs in "quote" or "code" brackets.

Do NOT use spoilers.

Do NOT edit your reply to post additional logs. Create a new reply. I'll not get any email notifications about edits, so I won't know you posted something new.

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

Okay, so right as I say Firefox is fine, the browser goes into 'Not Responding'. I checked the task manager and saw two instances of 'COM Surrogate' disappear really quickly. Should I be concerned about this? The Sophos Removal Tool is still running on the system, by the way.

Okay, Sophos didn't find anything and I reset my settings and reinstalled Chrome anyway to be sure. However, I'm still too scared to actually try Chrome. Also, I checked my task manager and for some reason, 'Microsoft Solitaire Collection' was running. I don't ever play Solitaire, so I found this a bit odd. I opened the folder where the Solitaire app is located and I noticed that the name is rather weird. The name was: MicrosoftSolitaireCollection_3.12.8312.0_x64__8wekyb3d8bbwe and I'm wondering if that's a normal name or...? Also, Firefox has started sometimes opening a tab 2 or 3 times when I only click on it once, so I guess that could be considered odd behavior.

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

No installation required.

Simply unzip the Autoruns.zip file, and double-click on the autoruns.exe file to run the program.

Go File>Save, and save it as an Autoruns.txt file to a known location.

You must select Text from the drop-down menu as a file type:

Okay, I'm on Microsoft Edge now, and it's not letting me download Firefox or Google Chrome. It just keeps saying that the file couldn't be downloaded. Can you help me with this? I'm kinda freaking out right now.